
A Blueprint for the New Network with Juniper Networks EX Series and vGW at the Core

by ‎10-26-2012 05:00 AM - edited ‎06-11-2013 07:10 AM

 This is a guest blog post. Views expressed in this post are original thoughts posted by Glen Kemp, Solutions Consultant at SecureData Europe. These views are his own and in no way do they represent the views of the company he works for.


A customer recently asked me to provide a proposal for a consolidated data centre with some fairly fixed requirements. It had to fit in a fixed budget, a fixed amount of rack space and host a fixed number of servers.


It was the same week that Juniper Networks launched the EX4550 Ethernet Switch. This represented for me the last piece of a puzzle in terms of what data centre networks will increasingly look like. So when my customer asked me: “design me a data centre, I’ll need it operational within a month” what did I propose? Well, for a start a shopping list much shorter and a timescale much less pessimistic than you’d think.


Breaking it down


The modern data centre can be broken down into five basic components:


  • Compute Platform. Servers or anything with a general-purpose operating system such as Windows, Linux, or Solaris which ultimately run any “line of business” application.
  • Interconnect. Anything which connects anything to anything else over any medium. In most cases this will be Ethernet but includes Fibre Channel and even legacy serial networks and Wi-Fi.
  • Security. This can either be embedded as a function of the operating system or discrete in the case of a network appliance.
  • Storage. At some point, data has to “rest” somewhere. In many cases it will be network attached (via Ethernet or Fibre Channel), but it may well be directly attached to or embedded in the compute platform.
  • Utility. This covers everything else such as HVAC, power and lighting, but also could be used to cover non-line services such as backup, network management overlay and resiliency services such as clustering.

Starting with a clean sheet of paper, how do we build a new data centre from these five basic components? If we select a single vendor and technology for each component we can standardise upon off-the-shelf components. This reduces the quantity and classes of physical hardware needed; in turn this makes redundancy simpler and leaves less equipment idling. Here’s the design I put together:


The Interconnect


At the heart there has to be a core fabric; in our case an Ethernet switch. Whilst Ethernet is an imperfect transmission medium, it’s fast, open and very easy to scale. The EX4550 is an ideal network core as it allows us to collapse the classic access, aggregation and core layers into a single pair of switches. A single rack unit can directly connect our compute platform to our storage at wire rate whilst handling full layer 3 routing. Each switch provides a frankly mind-boggling 480Gbps of bandwidth linked via a 256Gbps Virtual Chassis backplane. Whilst I can quote speeds and feeds till I’m blue in the face, what makes this truly impressive is the list price; $19,000. For a next generation switch with full Layer 3 routing features this provides ample capacity for our “east-west” server-to-server and server-to-storage traffic.


The Compute Platform


A quad-socket Intel Xeon E7 server can provide 40 processing cores in 2u of rack space. This essentially provides a platform to host a very large number of virtualised servers in a hyper-dense environment. The servers themselves would essentially be diskless, save an industrial flash drive to boot the hypervisor. To connect the platform to the fabric, 10GbE direct attached copper (DAC) cables provide inexpensive, straightforward connectivity without having to mess around with expensive GBICs and delicate fibre. Four connections are all that’s required to link each server to the fabric: two dedicated for server traffic and two for storage I/O. Capacity planning is obviously critical, but the partnership of new processor and RAM technologies such as Intel Xeon E7 and LRDIMMs makes this kind of server density not only feasible, but a practical solution. As few as four servers would provide 320 execution cores in less than a quarter of a standard 42u rack. A slightly less avant-garde approach would be to use dual-socket, 1u servers with slightly fewer cores. This would provide greater redundancy and lessen the impact of a single server failure, at the cost of increasing the number of physical connections.




Separating the storage from the compute platform is commonplace; however, there are different ways of achieving this. The iSCSI standard is commonly deployed and supported by many vendors. It allows flexibility of deployment without proprietary lock-in of the storage adaptor, transit switch or disk array. By again utilising “off the shelf” technology, expensive cards for the servers and dedicated Fibre Channel switches can be avoided. Whilst Fibre Channel probably represents the highest performance solution for disk access, it doesn’t offer the value for money or flexibility an iSCSI solution would. Given the need for a high-performance Ethernet switch for the server interconnect, utilising iSCSI to connect the compute platform to the storage represents a simple, elegant solution.


The Security Layer


By virtualising most, if not all, of the application servers into the compute platform, we create a new problem. Most virtualised environments place the servers on the same layer 2 subnet. Whilst this is “easy”, it doesn’t provide a straightforward way to police server-to-server network traffic or provide in-line intrusion detection. Artificially breaking a virtualised network into subnets is painful; routing that traffic via a firewall (either physical or virtual) almost certainly creates a performance bottleneck and definitely increases the complexity. A more practical solution is to use a network security tool designed for the job at hand: a virtual security gateway integrated into the hypervisor, such as Juniper’s vGW. The traditional approach of a “firewall in a virtual machine” is not a particularly efficient method of forwarding traffic; it is forcing a virtualised environment to behave like a physical one, a square peg in a round hole. By hooking into the VMware native APIs, vGW can directly intercept the network I/O of each virtualised machine as it heads down the network stack, making the forwarding decision at the point of egress rather than using a traditional “default gateway” approach. This allows much higher performance than forcing the traffic to an external firewall. vGW acts as a transparent layer 2 bridge between the guest and the virtual switch. This approach is also more cost effective than purchasing a dedicated firewall cluster capable of handling inter-server communication. Ultimately this means layer 3 routing decisions can be handled at layer 3 by a device designed to handle such high throughputs: the Juniper EX4550 switch.
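The visibility problem with a flat layer 2 subnet can be modelled in a few lines. This is an added example, not code from the original post and not a vGW or VMware API; the VM names, addresses, roles and allow-list are constructed, and it only models which enforcement point gets to evaluate a flow.

```python
"""Conceptual model: which enforcement point sees a server-to-server flow.

All names, addresses and rules below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SERVER_SUBNET = ip_network("10.0.0.0/24")  # constructed flat layer 2 subnet

# Constructed inventory: VM name -> (address, role)
VMS = {
    "web01": ("10.0.0.11", "web"),
    "web02": ("10.0.0.12", "web"),
    "app01": ("10.0.0.21", "app"),
    "db01": ("10.0.0.31", "db"),
}

# Constructed allow-list: (source role, destination role, destination port)
POLICY = {
    ("external", "web", 443),
    ("web", "app", 8443),
    ("app", "db", 5432),
}


@dataclass(frozen=True)
class Flow:
    src: str  # VM name, or a literal IP for an outside client
    dst: str
    port: int


def addr(endpoint):
    """Resolve a VM name to its address; anything else is a literal IP."""
    return ip_address(VMS[endpoint][0] if endpoint in VMS else endpoint)


def role(endpoint):
    return VMS[endpoint][1] if endpoint in VMS else "external"


def policy_allows(flow):
    return (role(flow.src), role(flow.dst), flow.port) in POLICY


def crosses_gateway(flow):
    """A host only hands traffic to its default gateway for off-subnet peers."""
    return not (addr(flow.src) in SERVER_SUBNET and addr(flow.dst) in SERVER_SUBNET)


def gateway_firewall(flow):
    """Firewall at the default gateway: same-subnet flows never reach it."""
    if not crosses_gateway(flow):
        return "unseen"
    return "allow" if policy_allows(flow) else "deny"


def per_vm_enforcement(flow):
    """Enforcement at each virtual NIC: every flow is evaluated."""
    return "allow" if policy_allows(flow) else "deny"


def unpoliced_violations(flows):
    """Flows the policy forbids that the gateway firewall never gets to judge."""
    return [f for f in flows
            if gateway_firewall(f) == "unseen" and not policy_allows(f)]


# Constructed sample traffic
FLOWS = [
    Flow("198.51.100.7", "web01", 443),  # outside client to web tier
    Flow("web01", "app01", 8443),        # permitted east-west
    Flow("web01", "db01", 5432),         # web tier reaching the database directly
    Flow("web02", "web01", 22),          # lateral SSH inside the web tier
    Flow("app01", "db01", 5432),         # permitted east-west
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f"{f.src:>13} -> {f.dst}:{f.port:<5} "
              f"gateway={gateway_firewall(f):<6} per-VM={per_vm_enforcement(f)}")
    print("unpoliced violations:", unpoliced_violations(FLOWS))
```

The two flows reported as unpoliced are the ones a reviewer should look for when auditing a flat virtualised subnet: forbidden by policy, yet delivered because nothing in the path evaluates them.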


Figure: vGW Kernel Interaction (from the vGW documentation)


Time to Live


One of the benefits of this methodology is that the data centre build out time is significantly reduced. Fewer physical devices mean less network cabling, less power and less cooling. The initial “stand up” on a new data centre deployment is perhaps the slowest and most painful part. Once the basic connectivity is addressed, the application, network and security teams can then start their individual tasks. If there is less to “stand up” the “time to live” can be radically reduced and project life cycles shortened.


Physical Design


Figure: Physical Layout



The amazing thing about this design is that there is very little actual equipment to deploy. In fact, the total rack budget is tiny:


2x Juniper Networks EX4550 switches = 2u

4x Dell D820 PowerEdge™ Server = 8u

2x Dell PowerVault™ MD3600i 10GbE iSCSI Array & 12 600GB 15K SAS = 4u


Total rack space required = 14u


Logical Diagram


Figure: Green field logical design



Scaling Up


This design is obviously created with a fixed capacity in mind, but it can easily be scaled upwards to accommodate more physical and logical servers. Because the EX4550 is designed as a “top of rack” switch, up to 10 switches can be added in the same virtual chassis should you need to support dozens if not hundreds of physical hosts.




Ultimately, by consolidating the core of the infrastructure, you end up with a much simpler deployment. This means you save in real terms on the fifth important part of the data centre, the bit which costs you money and which you never see any return on: the utility. Fewer devices mean less power draw, less rack space to rent, fewer network changes to make and fewer mechanical components to fail. The upshot is that the new network is physically and logically smaller than the one it will replace. It will cost less to maintain and be faster to “stand up”. Anyone who has a pricing model based upon physical hosts deployed or number of rack units powered is going to very shortly run into a series of very big problems.


So, what aspects have I missed out? Where is the Achilles heel in my plan? What other innovations are out there which I’ve not mentioned? I’d be pleased to hear about them in the comments section below.
